WebKit 'window.open()' method Cross Domain Scripting Vulnerability

WebKit is prone to a cross-domain scripting vulnerability because it fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary code in the context of a different domain. Successful exploits may result in privilege escalation.

Versions prior to WebKit r52401 are vulnerable.

NOTE: This issue was previously documented in BID 37948 (Google Chrome prior to Multiple Security Vulnerabilities) but has been assigned its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus